We Claim: 

1. A security device for connecting a host computer from a host 
bus to a computer network, the security device comprising a local 
bus, a network interface connecting said local bus to the computer 

5 network, and a two-port memory device connecting said local bus to 
the host bus. 

2. The security device of claim 1, wherein the two-port memory 
device has two bus interfaces, a first interface for communicating 

% with the host bus and a second interface for communicating with the 
Igj local bus. 

,: 3. The security device of claim 2, wherein information to be 

? : s 

M passed between the host bus and the local bus can not be 

3 

0? simultaneously located on the first interface and the second 
ps interface . 

15 4. The security device of claim 2, wherein information to be 
transmitted from a sending host to a receiving host is written from 
the host bus to the first interface, then read from the first 
interface to the second interface. 

5. The security device of claim 1, wherein the two-port memory 
2 0 device comprises a two-port RAM. 
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6. The security device of claim 1, further comprising an internal 
system memory connected to said local bus for storing information 
for said firmware and said interface. 

7. The security device of claim 1, further comprising a cipher 
unit connected to the local bus. 

8. The security device of claim 1, further comprising an 
authentication interface unit for authenticating a computer user. 

9. The security device of claim 1, wherein said interface 
comprises a network coprocessor. 

10. The security device of claim 1, wherein the network comprises 
a local area, Ethernet or token ring network. 

11. The security device of claim 1, further comprising a central 
processing unit for implementing firmware. 

12. The security device of claim 1, wherein security is 
implemented at a network layer of protocol hierarchy. 

13. A method for controlling a sending computer to transmit 
information to a receiving computer over a computer network, the 
method comprising: 
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receiving the information to be transmitted to the receiving 
computer from the sending computer; 

implementing security mechanisms to determine whether 
communication is authorized from the sending computer to the 
receiving computer and, if not, then terminating the transmission 
of information and, if so, then encrypting the information to be 
transmitted; and, 

transmitting the encrypted information to the receiving 
computer over the computer network. 

14. The method of claim 13, wherein the step of implementing 
security mechanisms comprises the steps of determining if the 
receiving computer is in a transmit list and consistent with a 
transmit security window and, if both conditions are not satisfied 
then terminating the transmission of information, otherwise 
encrypting the information to be transmitted, 

15. The method of claim 14, wherein the steps of determining if 
the receiving computer is in a transmit list and consistent with a 
transmit security window comprises the steps of performing 
discretionary access control and mandatory access control, 
respectively. 
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16. The method of claim 13, further comprising the step of 
generating an audit in addition to terminating the flow of 
information . 

17. The method of claim 13, wherein security is implemented at a 
network layer of protocol hierarchy. 

18. The method of claim 19, the method being implemented by 
security devices, one security device connected to each one the 
sending computer and the receiving computer. 



19. A method for controlling a receiving computer to receive 
information transmitted from a transmitting computer over a 
J~{ computer network, the method comprising: 

Kj receiving the information to be received by the receiving 

p computer from the computer network; 

implementing security mechanisms to determine whether 

15 communication is authorized from the sending computer to the 
receiving computer and, if not, then terminating the transmission 
of information and, if so, then decrypting the information to be 
received; and, 

transmitting the decrypted information to the receiving 
2 0 computer for reception thereof. 
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20. The method of claim 19, wherein the step of implementing 
security mechanisms comprises the steps of determining if the 
transmitting computer is in a receive list and consistent with a 
receive security window and, if both conditions are not satisfied 
then terminating the transmission of information, otherwise 
decrypting the information to be received, 

21. The method of claim 20, wherein the steps of determining if 
the transmitting computer is in a receive list and consistent with 
a receive security window comprises the steps of performing 
discretionary access control and mandatory access control, 
respectively. 

22. The method of claim 19, further comprising the step of 
generating an audit in addition to terminating the flow of 
information. 

23. The method claim 19, wherein security is implemented at a 
network layer of protocol hierarchy. 

24. The method of claim 19, the method being implemented by 
security devices, one security device connected to each one the 
sending computer and the receiving computer. 
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25. A secure network having a plurality of host computers 
accessible to users and connected to a network medium that has 
access to an untrusted line, the secure network comprising: 

a network security controller for enabling a security officer 
to generate at least one user profile for each user, each user 
profile defining at least one destination which the user is 
authorized to access; and, 

security devices connected to the network medium for receiving 
the user profiles generated at the network security controller, 
each security device associated with one host computer, each 
security device having an authorization device for authorizing 
users at the associated host computer, the security device 
permitting the authorized user, via the associated host computer, 
to select a user's profile associated with the user and for 
restricting access of the host computer to the at least one 
destination defined in the selected user's profile. 

26. The network of claim 25, wherein the at least one destination 
comprises at least one other host computer of the network or the 
untrusted line. 

27. The network of claim 25, the security device implementing 
security mechanisms when the host computer connects to a trusted 
destination. 
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28. The network of claim 25, the security device not implementing 
security mechanisms when the host computer connects to an untrusted 
destination. 

29. The network of claim 25, wherein the untrusted line comprises 
5 the Internet . 

30. The network of claim 25, wherein a user cannot simultaneously 
communicate with a trusted destination and an untrusted 

v-j destination. 

s. ; s 

*M 31. The network of claim 25, wherein a user is prevented from 

fill 

H simultaneously connecting to destinations having different security 
W levels . 

32. The network of claim 25, wherein a user can only select one 
profile at a time. 

33. The network of claim 25, wherein the user profiles define 
15 virtual private networks of communication comprising subsets of 

host computers . 

34. The network of claim 25, wherein security is implemented at a 
network layer of protocol hierarchy. 
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35. The network of claim 25, wherein at least one user profile has 
only one destination. 

36. The network of claim 25, wherein the destination in a user's 
profile correspond to a level of security granted the user. 

37. The network of claim 25, wherein the security devices are 
integrated with the associated host computer. 

38. A method for operating a network having a plurality of host 
computers accessible to users and connected to a network medium 
that has access to an untrusted line, the method comprising: 

generating at least one user profile for each user, each user 
profile defining at least one destination which the user is 
authorized to access; 

authorizing a user at a host computer; 

determining, at the host computer, the at least one user 
profile associated with the authorized user; 

permitting, at the host computer, the authorized user to 
select a user's profile associated with the user; and 

restricting access of the host computer to the at least one 
destination defined in the selected user's profile. 
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39. The method of claim 38, wherein the at least one destination 
comprises at least one other host computer of the network or the 
untrusted line. 

40. The method of claim 38, further comprising the step of 
5 implementing a security mechanism when the host computer connects 

to a trusted destination. 

41. The method of claim 38, further comprising the step of not 
r?| implement ing security mechanisms when the host computer connects to 
hi an untrusted destination. 

©0 42. The method of claim 38, wherein the untrusted line comprises 
the Internet. 

H 43. The method of claim 38, wherein a user cannot simultaneously 
communicate with a trusted destination and an untrusted 
destination. 

15 44. The method of claim 38, wherein a user is prevented from 
simultaneously connecting to destinations having different security 
levels . 
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45. The method of claim 38, wherein a user can only select one 
profile at a time. 

46. The method of claim 38, wherein the user profiles define 
virtual private networks of communication comprising subsets of 
host computers, 

47. The method of claim 38, wherein security is implemented at a 
network layer of protocol hierarchy . 

48. The method of claim 38, wherein at least one user profile has 
only one destination. 

49. The method of claim 38, wherein the destination in a user's 
profile correspond to a level of security granted the user. 

50. A multi-level secure network having a plurality of host 
computers accessible to users and connected to a network medium 
that has access to an untrusted line, the secure network comprising 
a security device coupled between at least one host computer and 
the network medium which operates at a network layer communications 
protocol and a network security controller for controlling the 
security device to establish connections to the network medium. 
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51. The multi-level secure network of claim 50, wherein the 
network security controller audits events. 

52. The multi-level secure network of claim 50, wherein the 
security device prevents simultaneous connection to a trusted line 
and an untrusted line. 

53. The multi-level secure network of claim 50, wherein the 
security device prevents simultaneous connection between lines of 
different security levels. 
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